Let’s welcome the new year all prepared, with painful end of year Google Workspace admin tasks behind us.
It’s the end of the year already and there are many tasks you need to look after before that Holiday lethargy sets in and BAM, it’s the new year.
For Google Workspace admins that means taking care of important admin console tasks like ensuring security policies are in order, auditing Drive activity and more.
And because these end of year Google Workspace admin tasks can feel quite cumbersome at first, we created this post to help you complete and streamline them more easily before the year ends.
So let’s roll up our sleeves and dive straight in!
10 End-of-Year Google Workspace Admin Tasks
1. GET YOUR SECURITY ALERTS IN ORDER
So what’s your Google Workspace security alerting plan in 2022?
Have you set up alerts for the things that matter the most like Data Loss Prevention and File Sharing?
Below is our list of the 5 recommended security alerts you may want to check.
2. REASSESS OTHER ADMIN ROLES
After you’ve deployed (and checked) the above alerts, you’ll want to take a step back and reassess other admin roles or ‘privileged users’ in your domain.
Focus on TWO important questions:
- Should that user really have such privileges?
- Have they been doing a good job managing their admin tasks or perhaps you need ‘delegated auditors’?
Tip: You can use the Delegated Auditor feature in GAT+ to give non-Google Admins responsibility over selected areas of users’ data without them gaining access to the Admin console. That way you’ll reduce the number of admins you have without taking away their auditing privileges.
This is one of the most important Google Workspace Admin tasks you’ll want to complete every year if you have a large domain with different admin roles.
Checkout our blog Google Workspace Super Admin vs other Admin Roles for more.
3. AUDIT INTERNAL AND EXTERNAL GOOGLE DRIVE SHARES
As a Google Admin, you need to audit internal and external file sharing in your domain.
This task is not just for end of year audits, you actually need to perform it regularly to spot any unusual ‘trends’ reflecting malicious activity in your domain.
To do that simply refer to the File Sharing Exposure report in the Admin console of the Business edition and set it to cover up to 180 days back. You can also set up different sharing permissions if you have the Business (or higher) edition.
These options, however, provide limited flexibility and require regular manual reviews of shared items and sharing permissions. Hence, one thing you can do is automate file sharing exposure reporting now for next year.
HOW TO AUTOMATE FILE SHARING EXPOSURE REPORTS:
1.Via the Google Access Manager.
(However it requires significant effort to develop, customize and maintain scripts on a regular basis).
2. Using GAT+ to find and report on all files shared in and out of your domain and take immediate actions, like removing any shares or copy and download any file you want to via GAT Unlock.
(This will save you plenty of time and effort, as well as give you peace of mind moving forward into a new year).
4. DATA LOSS PREVENTION IN DRIVE AND GMAIL (DLP)
Sometimes users may accidentally share sensitive data or add classified information later on to folders already shared out externally.
This my friend is every security officer’s nightmare scenario as it can have huge repercussions.
Setting up alerts based on specific content within documents, spreadsheets, presentations, PDF, and text files shared out is a smart way to prevent that from happening as your users collaborate more over the next year.
A. DATA LOSS PREVENTION IN DRIVE (DLP):
- You can Scan and protect Drive files using DLP rules, covering Google Sheets, Docs and Slides. Read more. (For Enterprise; Enterprise for Education editions)
- You can also get more granular and use GAT + to set up real-time Google Drive DLP Alerts for files with specific content shared outside your domain (Getting these DLP alerts in real-time helps you handle accidental data mishaps faster and better).
B. DATA LOSS PREVENTION IN GMAIL:
- For Enterprise; Education and Enterprise for Education you can use Google’s Gmail DLP which lets you use predefined content detectors when scanning inbound or outbound email. Read more.
For more on DLP make sure to check our 6 Google Drive Data Loss Prevention Practices.
5. GMAIL INBOX AUDIT
Now onto the correspondences your Google Workspace domain users RECEIVE rather than share (particularly things like Phishing and Spam emails).
While there isn’t a 100% guaranteed method to protect users against receiving and opening these emails, raising your users’ Phishing awareness is your first defence line here.
You may share our 5 Tell-tale signs of a phishing email with your users, especially now that it’s the most ‘phishing-abundant’ time of the year.
Also, as an Admin, here are a couple of things you can do from your side:
1.Advise users to Whitelist important domains (to hit the balance between receiving too much spam and missing out on important emails).
2.Make sure you have a ‘Damage Control’ solution that allows you to remove emails received by all or any of your domain users in BULK.
GAT Unlock’s Bulk email removal feature helps you remove:
- Phishing emails
- An email sent to the wrong user or group
- An email containing inappropriate content
- An email containing sensitive information
- An email that has gone past spam filtering
6. DRIVE FILE STRUCTURE MANAGEMENT
Review how your Shared Drive is structured. More specifically, what files lie in personal or ‘My Drives’ and need to be moved to ‘Shared Drives’ and vice versa.
Why is Drive file structure management important for Google Admins?
- Information Security: It ensures the right users have the right access to the right data.
- Data Loss Prevention: It makes it easier to enforce DLP rules and prevent accidental loss or leakage of files that contain sensitive or important data.
- Efficiency: It helps teams and users work together more efficiently in the cloud.
You may be thinking ‘but there are so many files and folders generated this year alone that it requires some serious Cowboy tools’.
Well, thankfully, in the digital world, relocating important Drive files doesn’t require much heavy lifting.
7. DECLUTTER GOOGLE GROUPS
At the end of every year, you’ll want to maintain and declutter your Google Groups to make them more efficient.
Here’s a checklist of a few things you may want to consider:
- Empty Google Groups
- Review Groups with only external members
- Review Groups with some external members
- Review Groups without owner(s)
To audit, manage and change them more easily GAT+ gives you all these capabilities in one place, saving you time and giving you a more comprehensive view of your Google Groups.
8. USER ONBOARDING/OFFBOARDING AND MODIFICATION
The first quarter of every year usually witnesses a noticeable surge in user onboarding and offboarding operations as new vacancies come up and hiring operations increase.
That’s why, before embarking on to the new year, you’ll want to assess how you handle your user onboarding and offboarding operations.
For instance, do you onboard and offboard users manually or do you use automated workflow? How do you handle leavers’ accounts and transfer file ownership of suspended users?
Tackling this early on in the year will help make this first quarter of the new year A LOT easier for you. It’ll also save you plenty of time and effort usually spent on repetitive tasks that can otherwise be automated.
More resources? Checkout the posts below:
- The Admin’s Google Workspace User Onboarding Checklist
- 3 Steps to Hassle-free Employee Onboarding in Google Workspace
- Safely Offboard Google Workspace Users Leaving your Company (in 5 Steps)
9. AUDIT THIRD-PARTY APPS
Lastly, you’ll want to Check and Control which third-party & internal apps your users use and which of these apps can access Google Workspace data.
You can easily do that by following the steps outlined by Google here.
However, if you’re looking for more granular controls over this particular area such as the ability to filter apps by level of access or creating a policy banning or allowing the use of certain apps for a certain group of users (Ex. allowing the use of social media apps for marketing teams but banning them for all other users) you can use GAT+ to achieve that and more.
Remember, third-party apps can infect devices with malicious codes like ransomware and adware so you’ll want to audit their access to your domain data regularly.
10. CLEAN UP INACTIVE GOOGLE ACCOUNTS
Finally, you’ll want to clean up Google accounts that haven’t been active for a certain amount of time.
Well, that’s it for your 10 end of year Google Workspace admin tasks today! We hope that you’ve found this post helpful and wish you a happy, secure and efficient new year ahead.
Checkout our Annual Google Drive Housekeeping for Admins (3-Step Drill) for more content on end of year Google admin tasks.
Stay in the loop
Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.